FWD Singapore warned over data breach

Personal data was leaked through payment advice letters.

The Personal Data Protection Commission (PDPC) has warned FWD Singapore for failing to prevent the unauthorised disclosure of personal data contained in payment advice letters.

In a decision, the insurer was found in breach of Protection Obligation under section 24 of the country’s Personal Data Protection Act 2012.

On 26 July 2019, FWD notified PDPC of a leak of 71 individuals’ personal data through 42 advice letters sent to incorrect recipients between 20 June and 17 July. It stemmed from an attempt to fix a logic error in the system it used to generate the letters.

A second logic error resulted in the extraction of wrong mailing addresses for advice letters in some circumstances. This could have been detected if manual code review and unit testing had been conducted to a reasonable standard, the PDPC said.

Join Singapore Business Review community
A NOTE FROM SINGAPORE BUSINESS REVIEW

The people you want to reach are already in this room.

Every quarter, SBR lands on the desks of the founders, CFOs, and directors running Asia's most consequential companies. Every day, they open our newsletter and read our website. It's a room that took twenty years to build — and it's the one most of our partners are trying to get into.

The good news is that the door is open. We work with companies on thought leadership articles, sponsored content, industry summits across Southeast Asia, regional awards programmes, podcasts, and media placements in print and digital. The shape of the right partnership depends on what you're trying to do, which is why we'd rather start with a conversation than send a rate card.


If you have something this room should know about, tell us. We'll tell you honestly whether we can help, and how.

No rate cards until we understand the brief. It's a better use of everyone's time.